🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

35,571,909

Attacks Blocked in Past 24 Hours

Showing 81-100 of 6,226 Vulnerabilities

Admin Page Spider <= 3.31 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-2401

Apr 29, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Realtyna Organic IDX plugin <= 4.14.4 - Reflected Cross-Site Scripting

6.1

CVE-2024-33924

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-2967

Apr 29, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

AA Cash Calculator <= 1.0 - Reflected Cross-Site Scripting via invoice

6.1

CVE-2024-0848

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SVS Pricing Tables <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-2958

Apr 29, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Sliding Widgets <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2024-33938

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-33928

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVE-2024-4203

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Mhr Post Ticker <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-3021

Apr 29, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Where Did You Hear About Us Checkout Field for WooCommerce <= 1.3.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

5.5

CVE-2024-2752

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Fan Page Widget by ThemeNcode <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-33695

Apr 26, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Smart Recent Posts Widget <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-33692

Apr 26, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-28002

Apr 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Meks ThemeForest Smart Widget <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-33694

Apr 26, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Qi Addons For Elementor <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown widget

6.4

CVE-2024-3309

Apr 26, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Fancy Product Designer <= 6.1.7 - Reflected Cross-Site Scripting

6.1

CVE-2024-0905

Apr 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2024-2838

Apr 26, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Nextgen Gallery <= 3.59 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-2744

Apr 26, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Filterable Portfolio <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-4234

Apr 26, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

CF7 File Download – File Download for CF7 <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-33697

Apr 26, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Admin Page Spider <= 3.31 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-2401	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 29, 2024
Realtyna Organic IDX plugin <= 4.14.4 - Reflected Cross-Site Scripting	CVE-2024-33924	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 29, 2024
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-2967	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 29, 2024
AA Cash Calculator <= 1.0 - Reflected Cross-Site Scripting via invoice	CVE-2024-0848	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 29, 2024
SVS Pricing Tables <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-2958	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 29, 2024
Sliding Widgets <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2024-33938	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 29, 2024
CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting	CVE-2024-33928	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 29, 2024
Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-4203	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	April 29, 2024
Mhr Post Ticker <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-3021	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 29, 2024
Where Did You Hear About Us Checkout Field for WooCommerce <= 1.3.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting	CVE-2024-2752	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 29, 2024
Fan Page Widget by ThemeNcode <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-33695	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 26, 2024
Smart Recent Posts Widget <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-33692	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 26, 2024
Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting	CVE-2024-28002	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 26, 2024
Meks ThemeForest Smart Widget <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-33694	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 26, 2024
Qi Addons For Elementor <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown widget	CVE-2024-3309	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 26, 2024
Fancy Product Designer <= 6.1.7 - Reflected Cross-Site Scripting	CVE-2024-0905	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 26, 2024
WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2024-2838	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 26, 2024
Nextgen Gallery <= 3.59 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-2744	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 26, 2024
Filterable Portfolio <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-4234	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 26, 2024
CF7 File Download – File Download for CF7 <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-33697	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 26, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation